Russenger Ransomware
Posted: February 21, 2018
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 91 |
| First Seen: | June 26, 2024 |
| OS(es) Affected: | Windows |
The Russenger Ransomware is a file-locking Trojan that uses encryption to keep your files, such as documents, pictures, or archives, from opening. This threat's campaign disguises its executable as accounting software and may attempt installation through file-sharing networks or free software websites. Have your anti-malware programs delete the Russenger Ransomware as soon as they can, to reduce data loss to a minimum, and use your backups for recovering any locked files.
The Messenger with a Ransom for You
Russia-targeting Trojans are becoming a daily part of the file-locking Trojan industry, although most of these threats appear to attack random residents instead of the networks of corporate, government or NGO entities. The Russenger Ransomware is another example of a Trojan using ransoming messages specific to that nation, although its developers may be of a different nationality, judging by their linguistic errors. This Trojan's name comes from the 'Messenger' data found in its file data, although it doesn't pretend to be an instant messaging program of any kind.
Rather than being an 'IM' utility, the Russenger Ransomware poses as a product of the 1C Company, an entity noted for its video game and business productivity software. The program's main installer is a Windows executable of just over one megabyte, which makes it slightly larger than most file-locking Trojans of note to malware analysts. Symptoms of a Russenger Ransomware infection include:
- The Russenger Ransomware blocks different formats of media by using a not-yet-identified encryption method, such as AES-256 or RSA. It appends '.messenger-%random%' extensions to the names of the locked files (where 'random' is a randomized set of alphanumeric characters that changes from name to name).
- The Trojan also delivers a static text message asking the user to contact the threat actor by e-mail to pay for unlocking the above files. The Russian-language note includes some relatively obvious grammar issues and may be a byproduct of an automated translator.
- Most of the Russenger Ransomware's payload is non-configurable, and malware researchers speculate that its admins are generating new executable variants of the Trojan for each series of attacks against any individual entity. This characteristic sets the Russenger Ransomware apart from most kinds of file-locking threats that include capabilities for generating details like the ID number of the 'customer' dynamically.
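Added example (not part of the original article or of any vendor tooling): a triage helper that uses the '.messenger-%random%' naming described above to list locked files per directory and derive the original names to pull from backup. It assumes the random part is one or more ASCII letters or digits appended after the original file name; the function names and sample paths are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: the marker follows the original name as ".messenger-" plus one
# or more ASCII letters/digits; the page does not state the suffix length.
MARKER = re.compile(r"^(?P<original>.+)\.messenger-(?P<tag>[A-Za-z0-9]+)$", re.I)

# Constructed sample paths (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\ivan\Documents\report.docx.messenger-a8Kd2",
    r"C:\Users\ivan\Documents\budget.xlsx.messenger-Zq91x",
    r"C:\Users\ivan\Documents\notes.txt",
    r"C:\Users\ivan\Pictures\cat.jpg.messenger-77hT",
    r"C:\Users\ivan\Downloads\messenger-setup.exe",
]


def classify(filename):
    """Return (original_name, tag) when the name carries the marker, else None."""
    m = MARKER.match(filename)
    return (m.group("original"), m.group("tag")) if m else None


def triage(paths):
    """Map each directory to the files in it that carry the marker."""
    report = defaultdict(list)
    for path in paths:
        directory, name = ntpath.split(path)  # handles both \ and / separators
        hit = classify(name)
        if hit:
            report[directory].append({"locked": name, "original": hit[0], "tag": hit[1]})
    return dict(report)


def restore_list(report):
    """Original paths to pull from backup, sorted for a stable work list."""
    return sorted(
        ntpath.join(directory, entry["original"])
        for directory, entries in report.items()
        for entry in entries
    )


if __name__ == "__main__":
    found = triage(SAMPLE_PATHS)
    for directory, entries in found.items():
        print(f"{directory}: {len(entries)} locked file(s)")
    for path in restore_list(found):
        print("restore:", path)
```

To run it against a mounted disk image or file share, feed `triage()` the paths produced by `os.walk` instead of the sample list.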
Sending Bad Messengers out the Door with Nothing
According to the information associated with its last samples, the Russenger Ransomware is more likely circulating through the infection vectors most often associated with the installation of fake or mislabeled software. Victims may compromise their PCs by installing 'accounting programs' from freeware sites, pirated content-promoting domains, or any file-sharing networks with few security standards, such as torrents. Once it launches, the Russenger Ransomware can lock your files without needing any further permission from any user.
Malware researchers are still determining the potential decryption solutions for the Russenger Ransomware, which may or may not leave you with any recoverable media. File-locking attacks are always best prevented beforehand, and users can keep backups to lower the chance of permanent data loss. Since fewer than a dozen brands of professional anti-malware products are detecting this threat, emphasis should be placed on updating your PC's security software to help it delete the Russenger Ransomware with as much accuracy as possible.
Russia's heritage within the threat industry is a unique one, but not one that grants it immunity from attacks by threat actors who reside elsewhere. Considering the average cost of a Trojan campaign's ransom, the price of the Russenger Ransomware's 'free' software is higher than one would hope.